Companies have to assume that they will be hacked at some point and to protect / isolate assets and customers much more ferociously, where when an intrusion does occur it is mitigated as much as possible. Reading between the lines, it's very obvious they have no idea what was exposed and trying to save face.
The only reason that Telus Digital is saying they are investigating and don't know the impact to customers is because they literally didn't know and found out because the hacker group involved reached out to Reuters of what they did and what customer info they had. That in itself is the most troubling part.
Often the breaches occur with 3rd party vendors through lax policies / outsourcing and sure enough this was done through a complete oversight and this is exactly what happened here.
Quote:
|
ShinyHunters told BleepingComputer that it was able to hack Telus after it found the company’s Google Cloud Platform credentials in the massive haul of data it stole from Salesloft in 2025. ShinyHunters also shared a sample of stolen Telus data with BleepingComputer, which confirmed that it included call-center records.
|
https://cyberscoop.com/salesloft-dri...scope-expands/
Quote:
|
Salesloft Drift customers are compromised in a much more expansive downstream attack spree than previously thought, potentially ensnaring any user that integrated the AI chat agent platform to another service.
|
That's what happens when IT and cybersecurity is run as a cost center and often the first place to get hit with cost cutting.
Telus Digital confirms "massive data theft"
